


The Unrelenting Rise of Botnet Threats

Jan 12, 2023 | 4 mins

The evolving world of scalable botnets has created new types of serious security threats.


As the world has moved to scalable online services for everything from video streaming to gaming to messaging, it’s really no surprise that malware has followed close behind. Specifically, threats such as botnets are evolving and scaling at such speeds that it’s more important than ever to proactively manage potential security threats. 

Botnets, a portmanteau of the phrase "robot networks," are collections of malware-infected computing resources that can be used to attack any connected target system. They’re a growing risk for every organization, enabling cyber criminals to steal passwords and gain access to corporate systems, deploy disruptive attacks that shut down entire networks, or even hijack corporate data with ransomware.

The Botnet Evolution

As detailed in Botnets Multiply and Level Up, a part of the 1H 2022 DDoS Threat Intelligence Report, threats are evolving in many ways—from accelerated growth to new types of attacks to more-sophisticated ways of hiding. In short, botnets are a bigger risk to corporate security than ever before.

Although botnets have been around since the 1990s, they’ve grown staggeringly fast, especially over the past year. As the report notes, in the first half of 2022 alone, there were more than 67 million connections from more than 600,000 unique IP addresses across 30,000 organizations and 168 countries.

NETSCOUT botnet tracking metrics showed significant growth in the first half of 2022, with the number of high-confidence botnet nodes increasing from 21,226 in Q1 to more than 488,000 in Q2. More nodes mean more (and possibly more complex) future botnet attacks.

Just as major software providers continue to innovate by delivering solutions that are faster, more sophisticated, and easier to use, innovation is also driving botnet security threats. For example, there are new “DDoS-for-hire” services that make it easier than ever to launch coordinated and complex attacks on target companies, organizations, or industries. The goal: to distract security teams with DDoS while attackers actively work to exfiltrate data. They may also use ransomware to lock up data and prevent access.

The NETSCOUT research also showed a significant uptick in botnet direct-path attacks from the second half of 2021 to the first half of 2022, resulting in more application-layer attacks. This increase highlights the continuing shift from traditional reflection/amplification DDoS attacks to more direct-path ones. 

Proactive Defense Is Key

Botnet innovations don’t stop at that. Many are making themselves even harder to detect. For example, the Mirai family of malware recently started taking advantage of SOCKS5 proxies. By integrating the use of SOCKS5 proxies into its communications protocol, the malware can thwart analysis and mitigation of compromised nodes, making it more lethal and harder to detect and stop.

Although organizations can’t be sure where the next security attacks will come from or exactly what they may look like, they can be sure of one thing—botnets will continue to evolve at a serious pace, adding new capabilities while scaling up for even greater threats.

Unfortunately, no one is safe from these ever-evolving botnet threats. Attacks can be motivated by financial considerations, revenge, geopolitical goals, ransom opportunities, or just malicious intent. Everyone from gamers to financial corporations to organizations that might have geopolitical enemies is at greater risk from more-sophisticated botnet attacks.

All organizations must be proactive in defending themselves against these types of attacks or risk possible disruptions to their business, their services, their reputations, and their bottom lines.

For more expert insights into DDoS attack statistics and botnet risks, read the NETSCOUT 1H 2022 DDoS Threat Intelligence Report.
